Following a string of data breaches that touched tens of millions of consumers, and revelations of user data exploitation by popular social media platforms, there’s a broad national consensus: It’s time for internet users to have guarantees about privacy and data protection. Legislation is long overdue.
Some states, such as California, have already taken action. One year ago, California passed a sweeping privacy protections law. Other states have expressed an intention to do so, and Congress is expected to consider legislation. What’s the best way forward?
Congress must take its responsibility to protect user privacy and data seriously. At a minimum, any new federal law should provide internet users with the knowledge of which personal information is collected by the websites they visit and how that information is used. They should have a meaningful opportunity to opt out of these collection and use practices.
Congress should also ensure that any user’s sensitive personal identification information — such as a driver’s license, credit card number or Social Security number — can be collected and retained only with that user’s consent. Reasonable rights to access and correct user-provided information should also be afforded.
But it’s important to realize that web services are offered on a national basis and many would be disrupted by a multiplicity of diverse and contradictory state privacy requirements. The compliance costs could be enormous, particularly for small and startup businesses. There may be situations where it’s literally impossible to comply with the conflicting requirements of different states’ laws.
Not only would compliance with various state requirements be exceedingly difficult, consumers would be constantly unsure about which state’s privacy requirements apply. Consider the mobile service provider whose customer lives in one state, travels to another state and accesses an e-commerce site headquartered in a third state. The service provider is headquartered in a fourth state and uses a server data center in a fifth state.
Whose law applies — the state of residence of the customer or internet edge provider? The state of location of the customer or that of the service provider? Or the state where a server sends and receives customer messages?
To avoid this obvious confusion, it’s far better for Congress to adopt one strong, clear national privacy standard that would be applicable across the entire internet ecosystem, from the service provider to content-providing companies. In order to prevent disruption and consumer confusion in the application of an internet privacy law, Congress should pass its own privacy standard that preempts the states from their own regulation.
Such action would certainly not be new. Congress routinely preempts states in instances where a single uniform national standard is called for.
For example, in the Energy Policy and Conservation Act, Congress preempted state (and local) action on the energy efficiency of appliances where a national standard is in place. In the Toxic Substances Control Act, Congress preempted state action in favor of national regulation of chemicals covered by Environmental Protection Agency rules. Congress has also been quite clear that action by the Food and Drug Administration preempts conflicting state standards in the area of approval of new pharmaceuticals and medical devices.
Appliances, chemicals, prescription drugs, medical devices — all of these are goods of major importance to the national economy. So too is e-commerce involving the sale of both physical and digital goods. Federal preemption was right in the areas referenced above and, to avoid harming the internet economy and preventing consumer misunderstanding, is also right for data privacy standards.
It would be a critical mistake for Congress to enact a data privacy law that only provides a base from which the states can add additional requirements. Through the resulting disruption and chaos, harm would come to the internet economy while doing little if anything to advance real privacy for internet users.
A single, strong national data privacy standard would provide clear rules for companies to follow while fostering consumer understanding of the privacy assurances that have been extended to them.
Fortunately, the need for data privacy protection enjoys rare, widespread bipartisan support. It’s now Congress’ turn to act.
Rick Boucher was a member of the U.S. House for 28 years, representing Virginia’s ninth district. He chaired the House Energy and Commerce Committee’s Subcommittee on Communications and the Internet. He is honorary chairman of the Internet Innovation Alliance and a partner in the Washington, D.C., office of the law firm Sidley Austin. (This piece was originally published in the San Francisco Chronicle on June 26, 2019, and is reprinted with permission of the author.)
BroadbandBreakfast.com accepts commentary from informed observers of the broadband scene. Please send pieces to email@example.com. The views reflected in Expert Opinion pieces do not necessarily reflect the views of BroadbandBreakfast.com and Breakfast Media LLC.
- T-Mobile’s Acquisition of Sprint Passes Federal Muster, But 16 States Press On in Opposition
- Comcast Touts 100 Gigabit Service, SHLB Seeks Reconsideration on Telehealth, Senate Clears Emergency Communications
- As Next Year’s C-Band Auction Looms, FCC Officials Reflect on Innovation in Spectrum Auctions
- Problems of Lack of Transparency Pervade Issues of Algorithms in Artificial Intelligence
- New Hampshire Plans a Broadband System, Microsoft on Californian Privacy, and Google Collects Medical Data
Signup for Broadband Breakfast
Intellectual Property4 months ago
In Congressional Oversight Hearing, Register of Copyrights Says Office Is Responding to Online Users
Broadband Data5 months ago
California Report: Income Most Significant Factor in Low Broadband Adoption
Broadband Data6 months ago
Pennsylvania Broadband Speeds Worse Than Previously Believed, According to State Report
Privacy and Security2 months ago
Comparing Privacy Policies for Wearable Fitness Trackers: Apple, Fitbit, Xiaomi and Under Armour
Antitrust2 months ago
Addressing the Impact of Big Data Upon Antitrust is More Complicated Than a Big Tech Breakup
Expert Opinion4 months ago
Geoff Mulligan: A ‘Dumb’ Way to Build Smart Cities
Antitrust2 months ago
Broadband Roundup: Everyone (Almost) Gangs Up on Google, Muni Broadband Fact Sheet, SHLB Anchornet Conference
Broadband Roundup3 months ago
Cable Industry Touts Energy Efficiency, Next Century Highlights Open Access Fiber, Aspen Forum Set